If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

{Staying anonymous}Tor- The Onion Router

Code:

torproject.org/

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going.

To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.

Once a circuit has been established, many kinds of data can be exchanged and several different sorts of software applications can be deployed over the Tor network. Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination. Tor only works for TCP streams and can be used by any application with SOCKS support.

For efficiency, the Tor software uses the same circuit for connections that happen within the same ten minutes or so. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.

Hidden services

Tor also makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using Tor "rendezvous points," other Tor users can connect to these hidden services, each without knowing the other's network identity. This hidden service functionality could allow Tor users to set up a website where people publish material without worrying about censorship. Nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it. Learn more about configuring hidden services and how the hidden service protocol works.

If you have the time to watch this video, the author of sslstrip talked briefly
about how he sniffed information of the tor users by acting as a tor exit
node. It is quite scary how ignorant some of the tor users are, and how easily sniffing tor is actually done. Start a Tor Relay, Open Ettercap. 2 simple steps which will guarantee a heck lot of passwords. Not that I tried...

Always remember that Tor is secure for the purpose it was made for. In protecting your anonymity by encrypting all the traffic between the TOR nodes and masking your ip address for the final destination. Nothing else!

Though recently a lot of security issues has been found as well. Such a shame.
I used to like Tor when it wasn't slow once, but yeah the problem are the exit nodes unfortunately.

[quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]

DNS:
- Use OpenDNS or your own recursive nameserver locally or install one on an external server of yours.

IP / Data Traffic:
- Get access to a VPN and tunnel your traffic through this OR
- Get your own VPS, f.ex. at VPSLink or whatever site that offers cheap shells and tunnel your traffic through SSH. (this encrypts the traffic).
- Last but not least, you can also go through hacked targets, however i cannot advice this of course :-)

There is of course even more ways, such as spoofing information sent by your
programs including your browser. F.ex. changing user-agent and so fourth is just
a tiny step towards on being more anonymous.

Of course if the above VPN or VPS can be linked directly to you then it isn't much anonymity you get.

Encrypting your harddrive and all your traffic including emails (thus using bs-ssl) can be a good idea as well.

[quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]